Evolution and Trends in Terrorism Tradecraft
MIN READOct 11, 2012 | 09:01 GMT
By Scott Stewart
The terrorist tradecraft discussed in last week's Security Weekly does not happen in isolation. The practitioners of terrorist tradecraft conduct their activities in the midst of other people — the authorities attempting to identify them and thwart their plans as well as civilians. Terrorist tradecraft also does not remain static. It is constantly evolving. These changes are prompted not only by countermeasures put in place to prevent terrorist attacks but also by advances in technology — a powerful force that can serve to either nullify old tradecraft practices or to provide new tools to the purveyors of terror.
Terrorism is an enduring reality. While geopolitical changes may cause a shift in the actors who employ terrorism as a tactic, terrorism will continue to be used no matter what the next geopolitical cycle brings. It is, and will continue to be, a tactic used by militant actors who want to confront a militarily superior enemy. Focusing on the tradecraft used in attacks and charting its changes and trends not only permits observers to understand what is happening and why but also provides an opportunity to forecast what is coming next.
In the early terrorist plots of the late 1800s, many of the foundational tradecraft requirements were aided by the general simplicity of the times. Among the foundational tradecraft requirements discussed last week was procuring identification documents. Public records were very sparse, did not usually contain people's photographs and tended to be decentralized and not easily searched. (This is still true in some parts of the world today, such as in Afghanistan and Somalia.) There were no universal identification cards such as driver licenses, because automobiles had not yet become common. Passports and visas were not widely required for travel until after World War I, and even then the records of passport and visa issuance as well as traveler entries and exits were localized, hand-written entries into ledgers and were hard to search.
During this time, it was not difficult for Irish Fenian, nihilist or anarchist terrorist actors to travel, rent safe-houses or raise and transfer funds. Communication was certainly more difficult for everyone at that time — authorities as well as terrorists. The mail system was slow, and while telegrams could be sent quickly, they were seen by many people. Law enforcement agencies did not communicate or coordinate very well across jurisdictional lines within one country, much less on an international scale.
During World War I, concerns over spies and saboteurs caused important changes to international travel, including stricter passport and visa requirements. This also had an impact on terrorist actors, such as Irish Republican Army members traveling to and from the United States or England, but early passports, visas and other identification documents were often hand-written and easily forged or altered. During this era, it was also still quite easy to assume the identity of an infant or young child who had died, because birth and death records were not often cross-referenced — especially if they happened in different locations. This practice is referred to as an infant death identity in document-fraud investigations. Nazi and Soviet espionage agents used infant death identity quite frequently, which resulted in changes to the way records were kept, but domestic and international terrorist operatives continued to use infant death identities into the 1960s and 1970s.
Advances in technology in the 20th century allowed countries to make their identification documents more resistant, but not immune, to counterfeiting and alteration. The real difficulty in using counterfeit or altered documents started when the documents were linked to a central computerized database. This meant that counterfeit passports and visas did not show up in the databases and allowed a quick photo comparison to ensure that passports with altered photos could not be as easily used. In 1988, Japanese Red Army bombmaker Yu Kikumura was able to enter the United States using an altered Japanese passport.
In 1992, al Qaeda bombmaker Ahmed Ajaj was arrested trying to come through immigration at New York's John F. Kennedy International Airport using a Swedish passport in another name altered to bear his photo. His partner, Abdul Basit, ditched the altered passport he used to board the flight in Karachi, Pakistan, and used an authentic Iraqi passport in the name Ramzi Yousef to claim political asylum. In the 9/11 plot, and in all the follow-on al Qaeda plots directed against the United Sates, al Qaeda operatives have used authentic travel documents to enter, or attempt to enter, the United States. Some of the 9/11 operatives did commit document fraud in relation to driver licenses and state identification cards, but as outlined in the 9/11 Commission Report, that fraud almost resulted in the unraveling of the plot.
Changes in technology and enforcement in the United States and Europe have caused changes in identity and travel tradecraft for transnational jihadists, who are now searching for "clean skin" operatives who are unknown to law enforcement and who have the ability to travel internationally using legitimate travel documents.
Bombing has been a staple of terrorism since Guy Fawkes and his co-conspirators' failed attempt to destroy the British Parliament in 1605 in the so-called Gunpowder Plot. The invention of dynamite in 1867 was a very big boon for early terrorists, who no longer had to use black powder, a low explosive, as the main charge in their devices. Dynamite was not only more stable and less sensitive to moisture than black powder but was also more powerful. Dynamite was widely used by Irish Fenians in their attacks, but perhaps the image of the anarchist bombthrower is the most iconic of that period.
In the age of modern terrorism, bombmakers have had the luxury of access to high-powered military explosives such as TNT, C-4 and Semtex. Technologies such as shaped charges, platter charges and explosively formed penetrators have also increased the impact of these powerful explosive compounds. Another development that has greatly altered the art of bombmaking has been the advent of microelectronics. Bombmakers can use sophisticated timers to activate a device days or even weeks after it is placed. They can also use sensors that detect motion, light, the presence of metal objects or changes in altitude in order to detonate the explosive device. Command-detonated devices using radio signals or cell phones have also been widely employed.
Perhaps one of the most influential bombmakers in the modern terrorist era is Abu Ibrahim, a former member of Black September, the Popular Front for the Liberation of Palestine and the 15 May Organization. Ibrahim is often referred to as the "grandfather of all bombmakers" for his innovative improvised explosive device design and his willingness to train other bombmakers in his dark arts. Ibrahim was an early adopter of electronics in his designs.
During the 1970s and 1980s, state sponsorship did a lot to help advance bombmaking tradecraft, as sabotage experts from the Soviet KGB and the East German Stasi passed on training and technology. (The Eastern bloc was also a very important source of funding and identification documents during this period.) In addition, state sponsorship meant that sponsors, such as Libya, could use the diplomatic pouch to transport weapons and explosive components to terrorist operatives in places like London and Paris.
Controls on the purchase of explosives, and even on items like ammonium nitrate fertilizer, which can be readily used to make homemade explosive mixtures, have made it more difficult in recent years to make improvised explosive mixtures. This has caused bombmakers to change to mixtures made from more readily available precursors, such as acetone and peroxide. But these mixtures tend to be not only more dangerous to brew — the Palestinians refer to triacetone triperoxide, or TATP, as "the mother of Satan" — they also have a limited shelf life, are less stable and more difficult to transport and correctly synthesize. In 2009, would-be New York City subway bomber Najibullah Zazi was frustrated in his attempts to manufacture viable TATP.
In the realm of targets and tactics, we've talked elsewhere of the arms race in aviation security and how it has caused the threat to aircraft to evolve, with the next likely step being non-metallic explosive devices hidden inside the bodies of suicide attackers. There has also been an evolution in the targeting of Western interests abroad. Embassies have become harder targets and Western hotels have been increasingly more desirable targets, although the Sept. 11, 2012, attack in Benghazi may shift terrorists' focus back to vulnerable diplomatic missions in volatile locations.
Perhaps one of the most powerful inhibitors of terrorist tradecraft has been the use of computerized databases, allowing authorities to crunch a lot of data. One of the first well-documented uses of computers to locate terrorist suspects was the massive effort undertaken by the German Federal Criminal Police in the 1970s to combat the Red Army Faction. The German police created a database and then cross-referenced its information on a wide variety of indices. They then created a profile of the Red Army Faction safe-house with features such as young people living together, paying their rent and utility bills in cash and not registering with the local government or registering their motor vehicles. When a computer search identified addresses that matched the profile, they then dispatched detectives to investigate these possible safe-houses in person. This campaign was very successful in helping round up the first generation of Red Army Faction operatives.
Lists of terrorist suspects and their aliases have also proved quite useful in inhibiting terrorist travel, but it has not been without its failures or criticism. The U.S. State Department first adopted a database called TIPOFF in the 1980s designed to prevent terrorists from getting visas. The system was later turned it into the Visas Viper system after the 9/11 attacks. The United States has created the Terrorist Screening Center, which is charged with consolidating all the various U.S. government watch lists as well as administering the controversial terrorist watch list and the no-fly list.
Computers are also being used to monitor terrorist communication, whether by telephone, satellite phone or the Internet. But like the watch lists, these efforts have proved to be quite controversial.
Seizing or freezing bank accounts associated with known terrorists and efforts to crack down on charities that were funding terrorist groups have been somewhat successful in limiting the money moving to terrorist entities. But the presence of significant informal money transfer networks has made it impossible to totally stop the flow. The ability of terrorist groups to use narcotics sales and other criminal activity to fund themselves has also been hard to stop.
Since the 9/11 attacks, the United States and its allies have spent billions of dollars on security improvements and have made great efforts to increase security and to counter the tradecraft used by terrorist groups. It is now more difficult for terrorist operatives to travel to the United States and Europe — as evidenced by the lack of serious attacks and by the calls of groups such as al Qaeda in the Arabian Peninsula and the al Qaeda core group for grassroots terrorist operatives to conduct simple attacks where they are rather than travel overseas for training or to wage jihad. It has also led them to recruit individuals who have travel documents like Richard Reid, Najibullah Zazi and Faisal Shahzad for attacks rather than send well-trained operatives to conduct them.
This inability to conduct attacks in the West and the frustration it causes, along with the downfall of the transnational al Qaeda core organization, may be causing the remaining jihadist groups to focus more on operations in their local areas — places where they have the skilled operatives and materiel to conduct successful attacks.
This means that Western diplomatic missions, hotels and businesses located in these areas will remain vulnerable to attack. With these militant groups in possession of shoulder-launched surface-to-air missiles like the SA-7, there is also a lingering concern over the possibility of an attack against a Western aircraft in such areas.